Image Forming System, Computer-Readable Recording Medium Storing Driver Program, and Image Forming Method for Remote Job Execution

ABSTRACT

If a logged-in user to a host terminal device succeeds in user authentication via a directory server device, a user-manager server device transmits a job ticket and authorization information corresponding to the logged-in user to the host terminal device. The host terminal device receives the job ticket and the authorization information, generates a job execution instruction responsive to the authorization information, and transmits the generated job execution instruction to an image forming apparatus along with the job ticket. When the job execution instruction is received from the host terminal device, the image forming apparatus executes a job specified by the job execution instruction if the job ticket received along with the job execution instruction is determined to be valid.

INCORPORATION BY REFERENCE

This application is based upon and claims the benefit of priority fromcorresponding Japanese Patent Application No. 2009-268575, filed in theJapan Patent Office on Nov. 26, 2009, the entire contents of which isincorporated by reference herein.

BACKGROUND

1. Field of the Invention

The present invention relates to an image forming system, acomputer-readable recording medium storing driver program, and an imageforming method.

2. Description of the Related Art

In recent years, directory services such as Active Directory ande-Directory have been introduced in order to manage users and devices ina network system. Some image forming apparatuses such as a printer, acopier, and a multifunction peripheral (MFP) have a network function,which performs management of users and groups by the directory service.To perform the management of the users by the directory service, a userauthentication for a user who has performed a login operation to theimage forming apparatus is performed on the server device for thedirectory service.

On the image forming apparatus, an authorization process using only afunction permitted to a logged-in user among various functions isperformed. In the authorization process, authorization informationspecifying a function which is permitted or prohibited for use has beenpreviously set on the image forming apparatus for each user, and somefunctions to be used by the logged-in user are limited by theauthorization information.

In addition, there is a system providing the image forming apparatuswith the authorization information corresponding to the logged-in user,by an intermediate server device including the authorization informationfor each user. In this system, the intermediate server device performscentralized management of the authorization information for each user,but it is difficult to flexibly set the authorization information onusers and groups.

For example, in a case of setting the authorization information on agroup different from a domain group in the directory service, theauthorization information cannot be set collectively, and hence theauthorization information must be set for each of a plurality of usersbelonging to the group. This makes the process of setting up theauthorization information more complicated. It is possible toadditionally set the authorization information in the directory serviceon a group basis, but this raises a fear that bad influences may beexerted upon the directory service that is already in operation in acompany or the like.

In the system, the image forming apparatus obtains the authorizationinformation on the user who executes a job from the intermediate serverdevice. Therefore, in the case of causing the image forming apparatus toexecute the job via the network from the host terminal device, the usercannot be identified unless the user has logged in to the image formingapparatus, and hence it is difficult to acquire the authorizationinformation. Accordingly, in the case of causing the image formingapparatus to execute the job via the network from the host terminaldevice, the user needs to have logged in to the image forming apparatusby transmitting the user authentication information (such as a password)from the host terminal device to the image forming apparatus.

However, it is not preferred in terms of security to transmit such userauthentication information via the network. Further, in the system, itis necessary to log in to the intermediate server device at first, andhence it is necessary to log in twice in total to both the intermediateserver device and the image forming apparatus in order to cause theimage forming apparatus to execute a job via the network from the hostterminal device.

SUMMARY

The present disclosure relates to an image forming system that may limita function used by an image forming apparatus according to authorizationinformation while maintaining security and may cause one login processto be necessary in executing a job on the image forming apparatus via anetwork from a host terminal device, and also relates to acomputer-readable recording medium that stores a driver program.

An image forming system according to one aspect of the presentdisclosure includes: an image forming apparatus coupled to a network, ahost terminal device coupled to the network configured to cause theimage forming apparatus to execute a job, and a user-manager serverdevice coupled to the network and including authorization information onone of a group and a user. If authentication of the logged-in user tothe host terminal device is successful, the user-manager server devicetransmits to the host terminal device a job ticket indicating one ormore job execution permissions on the image forming apparatus for alogged-in user and the authorization information corresponding to thelogged-in user. The host terminal device generates a job executioninstruction corresponding to the authorization information, andtransmits the job execution instruction and the job ticket to the imageforming apparatus. The image forming apparatus executes the jobspecified by the job execution instruction if the job ticket is valid.

According to another aspect of the present disclosure, there is provideda computer-readable recording medium that stores a driver program to beinstalled on a host terminal device that causes an image formingapparatus to execute a job via a network. The driver program controls acomputer within the host terminal device to function as: a ticketprocessing unit configured to if authentication of the logged-in user tothe host terminal device is successful, receive a job ticket indicatingone or more job execution permissions on the image forming apparatus andauthorization information corresponding to a logged-in user from auser-manager server device coupled to the network that includesauthorization information on one of a group and a user, and a jobprocessing unit configured to (i) generate a job execution instructionresponsive to the authorization information, (ii) transmit the jobexecution instruction and the job ticket to the image forming apparatus,and (iii) cause the image forming apparatus to execute the job.

An image forming method according to another aspect of the presentdisclosure includes: transmitting, via a host terminal device coupled toa network, a request to issue a job ticket to a user-manager serverdevice via the network when a job request made by a logged-in user isdetected by a driver, verifying, via a directory server device coupledto the network, whether or not authentication of the logged-in user hasbeen successful, if the authentication is successful, generating, viathe user-manager server device, the job ticket of the logged-in user andtransmitting the job ticket and authorization information correspondingto the logged-in user to the host terminal device via the network,generating, via the host terminal device, a job execution instructionresponsive to the authorization information and transmitting the jobexecution instruction and the job ticket to an image forming apparatus,and if the job ticket is valid, executing, via the image formingapparatus, a job specified by the job execution instruction.

BRIEF DESCRIPTION OF FIGURES

In the accompanying drawings:

FIG. 1 is a block diagram illustrating a configuration of an imageforming system according to an embodiment of the present disclosure;

FIG. 2 is a block diagram illustrating a configuration of amultifunction peripheral (MFP);

FIG. 3 is a block diagram illustrating a configuration of a user-managerserver device;

FIG. 4 is a diagram illustrating a structural example of authorizationpolicy data;

FIG. 5 is a block diagram illustrating a configuration of a directoryserver device.

FIG. 6 is a block diagram illustrating a configuration of a hostterminal device.

FIG. 7 is a sequence diagram illustrating an operation of each ofapparatuses and devices when a user logs in to the MFP in the imageforming system illustrated in FIG. 1;

FIG. 8 is a sequence diagram illustrating a processing for causing theMFP to execute a job from the host terminal device in the image formingsystem illustrated in FIG. 1.

DETAILED DESCRIPTION

FIG. 1 is a block diagram illustrating a configuration of an imageforming system according to an embodiment of the present disclosure. Aplurality of multifunction peripherals (MFPs) 1A and 1B are connected toa network 2. Further connected to the network 2 are a user-managerserver device 3, a directory server device 4, and a host terminal device5.

The MFP 1A is an image forming apparatus having a printer function, ascanner function, a copy function, a facsimile function, and the like,that uses those functions to execute various kinds of jobs responsive toreceiving an instruction from an operation panel on the MFP 1A or from ahost terminal device connected to the network 2. The MFP 1B is an imageforming apparatus having a same or similar configuration.

The user-manager server device 3 receives a user authentication requestfrom the MFPs 1A and 1B, and provides authorization informationcorresponding to a logged-in user to the MFPs 1A and 1B. The directoryserver device 4 provides a directory service such as Active Directory ore-Directory.

FIG. 2 is a block diagram illustrating a configuration of the MFP 1A ofFIG. 1. The MFP 1B includes a same or similar configuration. The MFP 1Aincludes an operation panel 21, a modem 22, a network interface 23, aprinter 24, a scanner 25, and a control device 26.

The operation panel 21 is installed onto the MFP 1A, and includes adisplay device 21 a that presents various kinds of information to theuser and an input device 21 b that receives a user operation. Thedisplay device 21 a may include, for example, a liquid crystal displayand various kinds of indicators. The input device 21 b may include, forexample, a touch panel and key switches.

The modem 22 is a communication device that is connected to asubscriber's telephone line network such as a public switched telephonenetwork (PSTN) and performs transmission/reception of facsimile data.

The network interface 23 is connected to the computer network 2 in awired and/or wireless manner, and performs data communications withother devices (for example, the user-manager server device 3 and thehost terminal device 5) connected to the network 2.

The printer 24 performs printing on a paper sheet responsive to a printrequest and delivers a printed paper sheet. In an electro photographicprocess, by causing a light source to emit light based on printing dataafter charging a photoconductor drum, the printer 24 forms anelectrostatic latent image on the photoconductor drum surface, developsthe electrostatic latent image via toner, transfers the developed tonerimage onto the paper sheet, fixes the toner image, and delivers theprinted paper sheet to an output tray.

The scanner 25 applies light to one side surface or both side surfacesof a document fed from an automatic document feeder or a document placedby the user, receives reflected light, and outputs corresponding imagedata reflecting the contents of the document.

The control device 26 controls processing units of the MFP 1A andperforms data processing. The control device 26 is configured as acomputer including, for example, a central processing unit (CPU), a readonly memory (ROM), and a random access memory (RAM). On the controldevice 26, the CPU implements various kinds of processing units byloading a program stored in the ROM or other storage device (forexample, a flash memory) into the RAM and executing the program. Thecontrol device 26 implements a FAX communication unit 31, a networkcommunication unit 32, a control unit 33, and a determination unit 34.

The FAX communication unit 31 controls the modem 22 to receive thefacsimile data. After receiving of the facsimile data, the FAXcommunication unit 31 supplies a corresponding print request to thecontrol unit 33.

The network communication unit 32 controls the network interface 23 toperform data communications with the devices on the network 2 usingvarious kinds of communication protocols. For example, the networkcommunication unit 32 transmits, to the user-manager server device 3, auser name (user ID) and a password input through the operation panel 21upon user login, and receives the authorization informationcorresponding to the logged-in user from the user-manager server device3. Further, the network communication unit 32 receives the print requestfor page description language (PDL) data or the like from the hostdevice, and supplies the print request to the control unit 33.

The control unit 33 receives a job request in response to a useroperation with respect to the operation panel 21 or a job executioninstruction received from the host terminal device 5 by the networkinterface 23 and the network communication unit 32, and controls theunits within the MFP 1A to execute a job corresponding to the jobrequest. The job execution instruction may include a print request, ascan request, and/or a facsimile transmission request. Further, whenthere occurs a login operation on the operation panel 21, the controlunit 33 causes the network communication unit 32 to request a userauthentication, authorization information, and the like from theuser-manager server device 3. Further, when a job execution instructionis received from the host terminal device 5, the control unit 33determines whether or not a job ticket received along with the jobexecution instruction is valid, and only if the job ticket is valid,executes the job (such as printing, scanning, or facsimile transmission)specified by the job execution instruction. It should be noted that thejob ticket is data indicating permissions for jobs to be performed onthe MFP 1A and/or 1B.

For example, the control unit 33 may receive a user name (user ID) alongwith a job execution instruction, transmit the user name (user ID) and ajob ticket to the user-manager server device 3, cause the user-managerserver device 3 to verify whether or not the job ticket has been issuedto the user name, receive a verification result from the user-managerserver device 3, and determine whether or not the job ticket is validbased on the verification result. Further, the control unit 33 mayreceive the user name (user ID) along with the job executioninstruction, perform a predetermined calculation, and determine whetheror not the job ticket has been issued to the user of the user name (userID). For example, when the job ticket is a value of a predeterminedfunction (hash function, encryption function, or the like) using theuser name (user ID) as a variable, if the value of the same functionobtained from the received user name (user ID) matches the value of thereceived job ticket, it may be determined that the job ticket has beenissued to the user of the user name (user ID).

Based on the authorization information corresponding to the logged-inuser received from the user-manager server device 3 through the networkinterface 23 and the network communication unit 32, the determinationunit 34 specifies a function which is prohibited or permitted for use bythe logged-in user from among the functions that the MFP 1A provides,and stores data indicating whether or not the use of each of thefunctions is permitted in the RAM. The control unit 33 references thedata to limit the use of the MFP 1A by the logged-in user. For example,when the use of a color copy function is limited for a particularlogged-in user, a menu of the copy function may be displayed on theoperation panel 21 so as to prevent the color copy function from beingchosen by the particular logged-in user. For example, a button forchoosing a color copy may be grayed out.

FIG. 3 is a block diagram illustrating a configuration of theuser-manager server device 3 of FIG. 1. The user-manager server device 3includes a storage device 41, a network interface 42, and a processor43.

The storage device 41 stores a program and data. The storage device 41may include a nonvolatile semiconductor memory, a hard disk drive, orthe like. The storage device 41 may store authorization policy data 51,local user data 52, and local group data 53.

The authorization policy data 51 includes authorization information datahaving the authorization information used for specifying the functionwhich is permitted for use by the logged-in user at the MFPs 1A and/or1B. The authorization policy data 51 includes the authorizationinformation on a user and/or group basis. The authorization informationon users may be applied to a user, and the authorization information ongroups may be applied to a user belonging to a group. As theauthorization information on users, the authorization policy data 51includes the authorization information on domain users registered on thedirectory server device 4 and/or the authorization information on localusers registered on the user-manager server device 3. As theauthorization information on groups, the authorization policy data 51includes the authorization information on domain groups registered onthe directory server device 4 and/or the authorization information onlocal groups registered on the user-manager server device 3. Theauthorization information on users may include an ID of a user andinformation on a function (for example, an ID of the function) which ispermitted or prohibited for use by the user. The authorizationinformation on groups includes an ID of a group and information on afunction (for example, an ID of the function) which is permitted orprohibited for use by a user belonging to the group. For example, thefunction which is permitted or prohibited for use may includeupper-level functions such as printing, scanning, copying, facsimiletransmission, and/or lower-level items (for example, a color/blackchoosing function) accompanying each of the upper-level items.

FIG. 4 is a diagram illustrating a structural example of theauthorization policy data 51 of FIG. 3.

As shown in FIG. 4, a domain group A includes domain users A, B, C, andD. A local group A includes local users A and B and domain users B andD. An authorization policy #1 (policy data including authorizationinformation) is set for the domain group A. An authorization policy #2is set for the domain user A belonging to the domain group A. Anauthorization policy #3 is set for the local group A. An authorizationpolicy #4 is set for the local user A belonging to the local group A. Anauthorization policy #5 is set for the domain user B belonging to thedomain group A. An authorization policy #6 is set for a domain user E.An authorization policy #7 is set for a local user C.

The local user data 52 is registration information data including theauthentication information on local users (for example, the user ID andthe password). The local user is registered on the user-manager serverdevice 3 separately from the domain user registered on the directoryserver device 4.

The local group data 53 is registration information data including theauthentication information on local groups (the group ID and the userIDs of the users belonging to the group). The local group is registeredon the user-manager server device 3 separately from the domain groupregistered on the directory server device 4. The local group includesthe local users and the domain users. In other words, the local groupconsisting of only the local users, the local group consisting of onlythe domain users, and the local group consisting of the local users andthe domain users are set.

The network interface 42 is connected to the computer network 2 in awired and/or wireless manner, and performs data communications withother devices (for example, MFPs 1A and 1B and directory server device4) connected to the network 2.

The processor 43 is configured as a computer including a CPU, a ROM, anda RAM, and implements various kinds of processing units by loading aprogram stored in the ROM or the storage device 41 into the RAM andcausing the CPU to execute the program. The processor 43 implements anetwork communication unit 61, a user authentication processing unit 62,an authorization processing unit 63, and a job ticket issue processingunit 64.

The network communication unit 61 controls the network interface 42 toperform data communications with the devices on the network 2 usingvarious kinds of communication protocols. The network communication unit61 may receive the user name (user ID) and the password from the MFP 1A,and transmit the authorization information on the user to the MFP 1A.The network communication unit 61 may also transmit the userauthentication request to the directory server device 4, and receive anauthentication result and user information from the directory serverdevice 4.

The user authentication processing unit 62 uses the network interface 42to cause the directory server device 4 to perform authentication of thelogged-in users to the MFPs 1A and/or 1B.

When the logged-in user to the MFP 1A and/or the MFP 1B who hassucceeded in the user authentication belongs to the local group, theauthorization processing unit 63 extracts the authorization informationon local groups from the authorization policy data 51, and transmits theauthentication information as the authorization informationcorresponding to the logged-in user to the MFP 1A and/or the MFP 1Bthrough the network interface 42. On the other hand, when the logged-inuser who has succeeded in the user authentication does not belong to anylocal group, the authorization processing unit 63 extracts theauthorization information on domain users or domain groups to which thelogged-in user belongs from the authorization policy data 51, andtransmits the authentication information as the authorizationinformation corresponding to the logged-in user to the MFP 1A and/or theMFP 1B through the network interface 42.

For example, in the case of FIG. 4, when the domain user A logs in tothe MFP 1A, the authorization policy #2 and the authorization policy #1are transmitted to the MFP 1A. If a conflict occurs between theauthorization information on the user and on the group (for example,authorization policy #2 and authorization policy #1), the predeterminedauthorization information on the groups or users is applied.

When the domain user B logs in to the MFP 1A, the authorization policy#5, the authorization policy #3, and the authorization policy #1 aretransmitted to the MFP 1A. If a conflict occurs between theauthorization information on domain groups and local groups (forexample, authorization policy #1 and authorization policy #3), thepredetermined authorization information on domain groups or local groupsis applied.

When the domain user C logs in to the MFP 1A, the authorization policy#1 is transmitted to the MFP 1A. Further, when the domain user D logs into the MFP 1A, the authorization policy #1 and the authorization policy#3 are transmitted to the MFP 1A.

When the domain user E logs in to the MFP 1A, the authorization policy#6 is transmitted to the MFP 1A.

When the local user A logs in to the MFP 1A, the authorization policy #4and the authorization policy #3 are transmitted to the MFP 1A.

When the local user B logs in to the MFP 1A, the authorization policy #3is transmitted to the MFP 1A.

When the local user C logs in to the MFP 1A, the authorization policy #7is transmitted to the MFP 1A.

It should be noted that, when there is a plurality of authorizationinformation to be applied to the logged-in user, the authorizationprocessing unit 63 may generate user-authorization information thatpermits the use of the function which is permitted for use by any one ofthe authorization information. In other words, the authorizationprocessing unit 63 may generate user-authorization information thatprohibits the use of the function which is prohibited for use by atleast one of the authorization information.

If an issuance request for a job ticket is received from the hostterminal device 5 operated by a logged-in user to the host terminaldevice 5 after the logged-in user has succeeded in the userauthentication on the directory server device 4, the ticket issuanceprocessing unit 64 generates the job ticket and transmits the job ticketand the authorization information applied to the logged-in user to thehost terminal device 5. It should be noted that, the issuance requestfor the job ticket made by the user who has not succeeded in the userauthentication on the directory server device 4 is rejected. Further, inplace of the ticket issuance processing unit 64, the authorizationprocessing unit 63 may transmit the authorization information applied tothe logged-in user to the host terminal device 5.

For example, the ticket issuance processing unit 64 may use apredetermined function to generate a job ticket unique to the user fromthe user name (user ID). Further, for example, the ticket issuanceprocessing unit 64 may use a predetermined function to generate the jobticket unique to the user from the user name (user ID) and one-time data(single-use information). For example, a hash function may be used asthe predetermined function. Information that changes each time the jobticket is issued may be used as the one-time data, such as informationincluding a serial number having a date and/or time of the issuance ofthe request for the job ticket or job ticket generation.

It should be noted that, in a system in which the MFP 1A or 1B inquiresabout validity of the job ticket from the user-manager server device 3,the ticket issuance processing unit 64 may save the generated job ticketin the storage device 41 in association with the user name (user ID) ofthe issuance destination of the job ticket. When the inquiry isreceived, if the job ticket of a user that the inquiry has been made issaved in the storage device 41, the ticket issuance processing unit 64may return to the MFP 1A and/or 1B the verification result indicatingthat the job ticket is valid, and delete/nullify the job ticket from thestorage device 41. This allows the user to use the job ticket, which hasbeen issued to the user, for the job execution on the MFP 1A and/or 1Bonly once.

FIG. 5 is a block diagram illustrating a configuration of the directoryserver device 4 of FIG. 1. The directory server device 4 includes astorage device 71, a network interface 72, and a processor 73.

The storage device 71 stores a program and data. The storage device 71may be, for example, a nonvolatile semiconductor memory, a hard diskdrive, or the like. A directory database (DB) 91 for a directory serviceis built on the storage device 71. The directory database 91 may includeuser data 91 a and group data 91 b. The user data 91 a may includeregistration information data having authentication information (forexample, the user ID and the password) and user information (forexample, contact information such as a telephone number, a facsimiletransmission number, or an electronic mail address and other attributeinformation). The group data 91 b may include registration informationdata having the authentication information (for example, a group ID,user IDs of users belonging to the group) and group information (forexample, contact information, a manager, and other attributeinformation).

The network interface 72 is connected to the computer network 2 in awired or wireless manner, and performs data communications with otherdevices (for example, the user manager server device 3) connected to thenetwork 2.

The processor 73 includes a CPU, a ROM, and a RAM, and implementsvarious processing units by loading a program stored in the ROM or thestorage device 71 into the RAM and causing the CPU to execute theprogram. For example, the processor 73 may implement a networkcommunication unit 81 and a directory service processing unit 82.

The network communication unit 81 controls the network interface 72 toperform data communications with the devices on the network 2 usingvarious kinds of communication protocols. For example, the networkcommunication unit 81 may receive the user authentication request, andtransmit the authentication result and the user information.

The directory service processing unit 82 manages the domain user and thedomain group. The directory service processing unit 82 performsregistration and deletion of the domain user and the domain group, userauthentication, and provision of the user information on the domain userand the group information on the domain group. The user authenticationmay include lightweight directory access protocol (LDAP) authentication,Kerberos authentication, or the like. When a directory service is ActiveDirectory, the directory service processing unit 82 may operate as adomain controller.

FIG. 6 is a block diagram illustrating the configuration of the hostterminal device 5 of FIG. 1. The host terminal device 5 includes astorage device 101, a network interface 102, a display device 103, aninput device 104, and a processor 105. The host terminal device 5 maybe, for example, a personal computer in which predetermined programssuch as an operating system and driver programs are installed.

The storage device 101 stores a program and data. The storage device 101may include a nonvolatile semiconductor memory, a hard disk drive, orthe like. The storage device 101 stores a driver program 101 a.

The network interface 102 is connected to the computer network 2 in awired and/or wireless manner, and performs data communications withother devices (for example, the MFP 1A or 1B, the user manager serverdevice 3, and the directory server device 4) connected to the network 2.

The display device 103 (for example, a liquid crystal display) displaysvarious kinds of information to the user. The input device 104 (forexample, a keyboard and/or a mouse) receives a user operation, andoutputs an electrical signal corresponding to the user operation to theprocessor 105.

The processor 105 is configured as a computer including a CPU, a ROM,and a RAM, and implements various processing units by loading a programstored in the ROM or the storage device 101 into the RAM and causing theCPU to execute the program. The processor 105 may cause the operatingsystem (such as Windows, registered trademark) to implement a networkcommunication unit 111 and a login processing unit 112, and may cause adriver program 101 a to implement a driver 113. The operating system cancause the host terminal device 5 to participate in the directory serviceprovided by the directory server device 4.

The network communication unit 111 controls the network interface 102 toperform data communications with the devices on the network 2 usingvarious communication protocols.

The login processing unit 112 causes the directory server device 4 toperform the user authentication on the user of the host terminal device5 and permits only a user who has succeeded in the user authenticationto perform further operations after the login operation. In this case,at the start of the operating system on the host terminal device 5, thedisplay device 103 is caused to display a login screen that prompts aninput of user authentication information (such as a user ID and/orpassword). If the user authentication information is input to the inputdevice 104, input user authentication information is identified, and theuser authentication request and the user authentication information aretransmitted to the directory server device 4. If the user authenticationresult from the directory server device 4 indicates a successfulauthentication, the display screen is caused to transition to a screenthat can be operated by the user (for example, a desktop screen or ascreen having a command prompt), that allows the further operationsafter the login operation (such as execution of an application, autility, a driver, and the like). Meanwhile, if the user authenticationresult from the directory server device 4 indicates a failedauthentication, the display of the login screen is continued, and thefurther operations are inhibited.

The driver 113 includes a ticket processing unit 121 and a jobprocessing unit 122. The ticket processing unit 121 acquires the jobticket and the authorization information applied to the logged-in userfrom the user-manager server device 3 after the logged-in user hassucceeded in the user authentication via the directory server device 4.The job processing unit 122 generates a job execution instructionresponsive to the authorization information acquired by the ticketprocessing unit 121 and transmits the generated job executioninstruction to the MFP 1A (and/or MFP 1B) along with the job ticket toexecute the job. It should be noted that the job processing unit 122transmits the user name (user ID) along with the job executioninstruction as necessary. However, the job processing unit 122 does nottransmit the user authentication information (that is, secretinformation necessary for login, such as a password) to the MFP 1A(and/or MFP 1B).

FIG. 7 is a sequence diagram illustrating the operation of each of theapparatuses and the devices when the user logs in to the MFP 1A in theimage forming system illustrated in FIG. 1. Each of the apparatuses andthe devices illustrated in FIG. 7 would operate in a same or similarmanner when a user logs in to the MFP 1B.

The operation panel 21 of the MFP 1A detects an operation of inputting auser name (the user ID) and a password performed by the user (S1). Thecontrol unit 33 causes the network communication unit 32 and the networkinterface 23 to transmit the user name and/or the password to theuser-manager server device 3 (S2).

On the user-manager server device 3, the user authentication processingunit 62 causes the network communication unit 61 and the networkinterface 42 to receive the user name and/or the password and transmitthe user name, the password, and an authentication request to thedirectory server device 4 using a predetermined protocol (for example,LDAP) (S3).

On the directory server device 4, the directory service processing unit82 causes the network communication unit 81 and the network interface 72to receive the user name, the password, and the authentication requestby the predetermined protocol, and references the directory database 91to determine whether or not the user name and/or the password belongs toa valid user (S4).

The directory service processing unit 82 causes the networkcommunication unit 81 and the network interface 72 to transmit adetermination (authentication) result (and, if the authentication issuccessful, the user information on the user), to the user-managerserver device 3 as a response to the authentication request (S5).

On the user-manager server device 3, the user authentication processingunit 62 causes the network communication unit 61 and the networkinterface 42 to receive the authentication result as the response to theauthentication request. If the authentication has been successful, theuser authentication processing unit 62 receives the user information,and the authorization processing unit 63 references the authorizationpolicy data 51 to specify the authorization information on the user(authorization policy to be applied to the user) (S6). The authorizationprocessing unit 63 causes the network communication unit 61 and thenetwork interface 42 to transmit a response indicating the successfulauthentication to the MFP 1A (and/or MFP 1B) in addition to theauthorization information and the user information (S7).

On the MFP 1A, the control unit 33 causes the network communication unit32 and the network interface 23 to receive the authorization informationand the user information, and provides the authorization information tothe determination unit 34 (S8). Based on the authorization information,the determination unit 34 sets, in the RAM, data indicating whether ornot the user is permitted to use each of the functions that the MFP 1Aprovides.

The user is then permitted to use the MFP 1A with the functions limitedaccording to the authorization information (S9). On the MFP 1A, thecontrol unit 33 references the data set by the determination unit 34 toallow only a job that uses the functions permitted to the user, andexecutes the allowed job.

It should be noted that, if the user authentication has failed, only aresponse indicating an authentication failure is transmitted from theuser-manager server device 3 to the MFP 1A. After receiving of theresponse indicating the authentication failure, the MFP 1A may display amessage indicating the authentication failure onto the operation panel21, and prohibit the user from using the MFP 1A.

Described next is a process for causing the MFP 1A to execute a job fromthe host terminal device 5 in the image forming system. FIG. 8 is asequence diagram illustrating the process for causing the MFP 1A toexecute the job from the host terminal device in the image formingsystem of FIG. 1. It should be noted that a same or similar process maybe used for causing the MFP 1B to execute a job from the host terminaldevice 5.

After the host terminal device 5 (and the operating system) is started,the login processing unit 112 causes the display device 103 to displaythe login screen. Once the user operates the input device 104 to input auser name (user ID) and/or a password onto the login screen, the loginprocessing unit 112 identifies the user name (user ID) and/or thepassword that have been input (Step S21), and causes the networkcommunication unit 111 and the network interface 102 to access thedirectory server device 4 via the network 2 and request that userauthentication be performed on the user name (user ID) and/or thepassword (Step S22). The directory server device 4 determines whether ornot the user name (user ID) and/or the password received along with theuser authentication request match the user name (user ID) and/or thepassword of the user registered on the directory server device 4. Thedirectory server device 4 transmits the user authentication result tothe host terminal device 5 in response to the user authenticationrequest (Step S24).

When the user authentication is successful, the user logs in to thedirectory server device 4 and is allowed to access a resource which isregistered in the directory service and access the resource(s) which arepermitted for the user. It should be noted that, when the userauthentication fails, the user fails to log in to the directory serverdevice 4 and cannot perform operations other than making a repeatedlogin attempt.

When the driver program 101 a is executed and the job processing unit122 of the driver 113 detects the occurrence of a job request (forexample, a request to print to the MFP 1A) based on a user operation oran instruction by an application program (Step S25), the ticketprocessing unit 121 transmits an issuance request for a job ticket tothe user-manager server device 3 via the network 2 (Step S26). At theuser-manager server device 3, after receiving of the job ticket issuerequest, the ticket issuance processing unit 64 causes the directoryservice to verify whether or not the user who has made the issue requesthas logged in to the directory server device 4 (Step S27). If the userwho has made the issue request has logged in to the directory serverdevice 4, the ticket issuance processing unit 64 generates the jobticket for the user (Step S28). Then, the ticket issuance processingunit 64 transmits the generated job ticket, the authorizationinformation (the authorization policy for the user and/or theauthorization policy for the group to which the user belongs) applied tothe user, and user information (such as an electronic mail address) onthe user to the host terminal device 5 via the network 2 (Step S29). Itshould be noted that, if the user who has made the issue request has notlogged in to the directory server device 4, the ticket issuanceprocessing unit 64 rejects the issue request and transmits a responseindicating a failure in issuing the job ticket to the host terminaldevice 5.

After receiving the job ticket, the authorization information, and theuser information, the ticket processing unit 121 temporarily saves thejob ticket, the authorization information, and the user information inthe RAM or the like. The job processing unit 122 generates the jobexecution instruction and the job data within the limits of theauthorization information based on the job request of Step S25 (StepS30). For example, if a printing job is requested, and the authorizationinformation inhibits color printing and permits monochrome printing, thejob execution instruction and the job data for the monochrome printingare allowed to be generated, but the job execution instruction and thejob data for the color printing are prevented from being generated. Thatis, the driver 113 inhibits the user from executing color printing (forexample, grays out an item for the color printing to inhibit the colorprinting from being chosen from an option menu containing the items for,perhaps, both color printing and monochrome printing on a screen of thedriver 113) based on the authorization information.

The job processing unit 122 then transmits the generated job executioninstruction and the generated job data along with the job ticket to theMFP 1A via the network 2 (Step S31). It should be noted that, in thecase of a job execution instruction for the printing job, pagedescription language (PDL) data may also be transmitted as the job data,but in a case of a job execution instruction for scanning, job data maynot be transmitted.

After receiving of the job execution instruction, the job data, and thejob ticket, for example, the control unit 33 of the MFP 1A makes aninquiry to the user-manager server device 3 to verify the validity ofthe job ticket (Step S32). If the job ticket has been legally issued tothe user (that is, the job ticket is valid), the control unit 33executes the job corresponding to the job execution instruction (StepS33). If the job ticket is not valid, the control unit 33 rejects thejob execution instruction and does not execute the job.

When the execution of the job is completed, the control unit 33transmits an execution result to the host terminal device 5 via thenetwork 2 (Step S34). In the case of the job execution instructioncorresponding to a printing job, the execution result may includeinformation as to whether or not the job has been normally completed. Inthe case of the job execution instruction corresponding to a scanningjob, the execution result may include an image data file generated by ascanning operation. The job processing unit 122 of the host terminaldevice 5 receives the execution result via the network 2, and displaysand saves the execution result corresponding to the type of the job. Itshould be noted that, in a case where the user-manager server device 3collects and summarizes logs of the execution job from the MFPs 1A and1B, the logs (in terms of the user name, the job type, and the like) ofthe execution job are transmitted to the user-manager server device 3.

As described above, by using the job ticket, it is not necessary totransmit the user authentication information to the MFP 1A to performthe login process to the MFP 1A, and hence only one login process to thedirectory server device 4 is necessary. Therefore, in the case ofexecuting the job on the MFP 1A from the host terminal device 5 via thenetwork 2, it is possible to limit the function used by the MFP 1Acorresponding to the authorization information while maintaining thesecurity and causing only one login process to be necessary.

The present disclosure includes various other embodiments. For example,other designs can be used in which the above-described components areeach performed.

In the image forming system according to the present disclosure, an IDcard (for example, an IC card) assigned to a user may be used instead ofthe user inputting his or her user name into the MFP 1A during userlogin.

An IC card reader may be connected to the MFP 1A, and when the ID cardis brought to the IC card reader, the control unit 33 may use the ICcard reader to read a card ID from the ID card. The control unit 33 maythen transmit the card ID to the user-manager server device 3 with thepassword input in the same manner as in the above-described embodiment.

In the storage device 41 of the user-manager server device 3, conversiondata is stored in which the card ID is associated with a user ID of theuser to which the ID card is assigned. After receiving of the card IDand the password, the user authentication processing unit 62 referencesthe conversion data to specify the user ID corresponding to the card ID,and causes the directory server device 4 to perform the userauthentication based on the specified user ID and the received password.

While the IC card is used as the ID card in the above described example,a card including a recording medium of another format (for example, amagnetic card) may also or alternatively be used. In this case, a readerthat can read the card ID from the card of the another format is usedinstead of the IC card reader. Further, biometric information such as afingerprint may be used instead of the ID card. In this case, a readerthat can acquire the biometric information from the user is used insteadof the IC card reader, and a characteristic of a feature obtained fromthe biometric information is used as biometric ID.

In the above-described embodiment, the host terminal device 5 directlyaccesses the directory server device 4 to request the userauthentication. However, in the same manner as the MFPs 1A and 1B, thehost terminal device 5 may request the user authentication from theuser-manager server device 3, and the user-manager server device 3 maycause the directory server device 4 to perform the user authentication.

In one embodiment, the IC card reader may be provided to the hostterminal device 5, and the login to the directory server device 4 maybeperformed by using an ID card or the like. In that case, theuser-manager server device 3 converts a card ID of the ID card into theuser ID (user name).

In the above-described embodiment, the local users and the domain userscoexist in the local group, but the local group may be formed of onlylocal users or the local group may be formed of only domain users, orsome combination thereof.

In the above-described embodiment, the user-manager server device 3 andthe directory server device 4 maybe configured to perform datacommunications via another network different from the network 2 byconnecting the user-manager server device 3 to the another networkinstead of being connected to the network 2. It should be noted that,the host terminal device 5 is configured to have access to a networkthat provides access to the user-manager server device 3 and/or thedirectory server device 4.

In the above-described embodiment, the MFPs 1A and 1B are used as theimage forming apparatuses, but a printer, a copier, and the like mayadditionally or alternatively be used. Further, while the illustratedimage forming system includes two image forming apparatuses, the imageforming system may alternatively include less than two or more than twoimage forming apparatuses.

An access right level to the MFP maybe included in the authorizationinformation. For example, one of the administrator and the general useris set as the access right level. In a case of the administrator, it ispossible to use a function such as maintenance, which cannot be used bythe general user.

In the above-described embodiment, the driver program may be recorded ona portable recording medium, and the driver program may be installedand/or executed from the recording medium onto the host terminal device5.

It should be understood that various changes and modifications to thepresently preferred embodiments described herein will be apparent tothose skilled in the art. Such changes and modifications can be madewithout departing from the spirit and scope of the present subjectmatter and without diminishing its intended advantages. It is thereforeintended that such changes and modifications be covered by the appendedclaims.

1. An image forming system, comprising: an image forming apparatuscoupled to a network; a host terminal device coupled to the network andconfigured to (i) provide an interface to allow a user to log-in, and(ii) cause the image forming apparatus to execute a job associated withthe logged-in user; and a user-manager server device coupled to thenetwork and configured to (i) store authorization information on one ofa group and a user, (ii) responsive to determining that anauthentication corresponding to the logged-in user has been successful,transmit to the host terminal device the authorization information and ajob ticket indicating one or more permissions with respect to imageforming apparatus functions that may be performed by a logged-in user;wherein the host terminal device is further configured to generate a jobexecution instruction responsive to the authorization information, andtransmit the job execution instruction and the job ticket to the imageforming apparatus; and wherein the image forming apparatus is furtherconfigured to (i) determine if the job ticket is valid and (ii)responsive to a determination that the job ticket is valid, execute thejob specified by the job execution instruction.
 2. The image formingsystem according to claim 1, further comprising a directory serverdevice coupled to the network and configured to include registrationinformation data on one of a domain group and a domain user, wherein:the host terminal device transmits authentication informationcorresponding to the logged-in user to the directory server device; andthe directory server device performs the authentication corresponding tothe logged-in user based on the received authentication information andthe registration information data on the one of the domain group and thedomain user.
 3. The image forming system according to claim 2, wherein:the host terminal device transmits the authentication informationcorresponding to the logged-in user to the directory server device viathe user-manager server device.
 4. The image forming system according toclaim 2, wherein the user-manager server device includes secondregistration information data on one of a local group and a local userthat is separate from the registration information data on the directoryserver device.
 5. The image forming system according to claim 4, whereinthe user-manager server device (i) sets the authorization informationbased on the second registration information data if the logged-in userbelongs to the local group and (ii) sets the authorization informationbased on the registration information data if the logged-in user doesnot belong to the local group.
 6. The image forming system according toclaim 4, wherein if the logged-in user belongs to the local group and tothe domain group, the user-manager server device is further configuredto generate the authorization information commonly from both theregistration information data and the second registration informationdata.
 7. The image forming system according to claim 1, wherein theuser-manager server device generates a unique job ticket based on thelogged-in user's user ID and a one-time data using a predeterminedfunction.
 8. The image forming system according to claim 7, wherein thepredetermined function includes a hash function.
 9. The image formingsystem according to claim 7, wherein the one-time data includes a serialnumber having including one of a date and time of issuance of therequest for the job ticket or one of a date and time of the job ticketgeneration.
 10. The image forming system according to claim 1, whereinthe host terminal device is further configured to receive an indicationof the result of the job execution from the image forming apparatus. 11.A computer-readable recording medium that stores a driver program to beexecuted on a host computing device connected to a network, the driverprogram, in response to execution by the computing device, causing thecomputing device to perform operations comprising: authenticating alogged-in user to the host computing device; subsequent to theauthenticating, receiving a job ticket, indicating one or morepermissions with respect to image forming apparatus functions that maybe performed by a logged-in user, from a user-manager server devicecoupled to the network that includes authorization information on one ofa group and a user; generating a job execution instruction responsive tothe authorization information, transmitting the job executioninstruction and the job ticket to the image forming apparatus, andcausing the image forming apparatus to execute the job.
 12. Thecomputer-readable recording medium according to claim 11, wherein theoperations further comprise: transmitting authentication informationcorresponding to the logged-in user via the network to a directoryserver device that includes registration information data on one of adomain group and a domain user; and receiving an authentication resultfrom the directory server device.
 13. The computer-readable recordingmedium according to claim 12, wherein: transmitting the authenticationinformation corresponding to the logged-in user to the directory serverdevice comprises transmitting the authentication information to thedirectory server via the user-manager server device.
 14. Thecomputer-readable recording medium according to claim 11, wherein a newjob ticket is received each time a new job is to be executed.
 15. Thecomputer-readable recording medium according to claim 11, wherein theoperations further comprise transmitting the job ticket to the imageforming apparatus without also transmitting a password corresponding tothe logged-in user.
 16. The computer-readable recording medium accordingto claim 11, wherein the operations further comprise receiving, at thehost computing device, an indication of the result of the job executionfrom the image forming apparatus.
 17. An image forming method,comprising: transmitting, from a host terminal device coupled to anetwork to a user-manager service device coupled to the network, arequest to issue a job ticket responsive to a driver detecting a jobrequest made by a logged-in user; verifying, via a directory serverdevice coupled to the network, whether or not authentication of thelogged-in user has been successful; responsive to detecting a successfulauthentication, generating, at the user-manager server device, a jobticket and transmitting the job ticket and authorization informationcorresponding to the logged-in user to the host terminal device via thenetwork; generating, at the host terminal device, a job executioninstruction responsive to the authorization information and transmittingthe job execution instruction and the job ticket to an image formingapparatus; and determining, at the image forming apparatus, whether thejob ticket is valid, and responsive to determining that the job ticketis valid, executing the job specified by the job execution instructionat the image forming apparatus.
 18. The image forming method accordingto claim 15, further comprising transmitting, from the image formingapparatus, an inquiry to the user-manager server device to verifyvalidity of the job ticket.
 19. The image forming method according toclaim 15, further comprising receiving, at the host terminal device, anindication of the result of the job execution from the image formingapparatus.
 20. The image forming method according to claim 15, whereinthe user-manager server device generates a unique job ticket based onthe logged-in user's user ID and a one-time data using a predeterminedfunction.